Lexmark MX931 Security White Paper - Page 25

Benefits, Details, No control of the device through phone lines



The fax modem connection is restricted to Facsimile Class 1 mode, and the data transferred over the modem
is limited to facsimile image data only. The connection is not the same as on a laptop or other device modem
where an arbitrary network connection can be established through the fax modem. Rather, the information
exchanged over the MFP modem is restricted to image data only.

Network protocols are not supported through the fax modem. There is no support for exchanging TCP/IP traffic
of any sort, including FTP, HTTP, SNMP, Telnet, or any other form of network packet. Also, there is no support
for modifying an MFP configuration through the fax modem connection. Settings cannot be viewed or changed,
and there is no access to an MFP file system through the fax connection.

Benefits

Support for fax on a networked MFP includes the following benefits:

• Incoming fax images can be printed as hard copy or routed to a predefined e-mail, FTP, or workflow
  destination. This action does not undermine the network security because the incoming data can only be
  in an image format. The fax connection cannot receive or transmit executable data such as applications,
  scripts, or viruses.
• Incoming faxes can be redirected to an alternate fax machine. This redirection can be useful when an office
  is temporarily closed, as it allows forwarding of incoming faxes to an alternate device that is being regularly
  monitored.

Details

There is a long list of reasons why the presence of a fax modem on a Lexmark device with a network adapter
does not create a security exposure. This document explores each of these points in more detail:

• Controlling the device through the phone connection is not supported. You cannot dial in to the device and
  interact with it through FTP, Telnet, or similar mechanisms.
• The modem and network adapter hardware are on separate cards and cannot communicate directly with
  one another. This separation prohibits data from moving between the two channels.
• The modem is configured to send and receive fax only, not data.
• The modem configuration is limited and controlled by the MFP firmware. The MFP firmware does not allow
  arbitrary data to be exchanged over the fax modem; only facsimile data representing page images can be
  exchanged.
• The avenues by which the MFP firmware can be updated are secured. Also, unauthorized firmware and
  software cannot be loaded in the MFP.

All these factors prevent the fax modem and network adapter hardware from interacting in a way that creates
exposure to security threats.

No control of the device through phone lines

Many devices that support an analog phone modem can be controlled remotely through the phone line. On
such devices, you can call the device and interact with it (turn it on or off, change its settings, and so on).
Typically, this is managed through something such as Telnet. However, the presence of an analog phone modem
does not automatically involve any such mechanism. For the device to allow such interaction, the support must
be built in and intentionally provided. Lexmark products do not include or allow this kind of control.

No Lexmark device allows any sort of configuration through the phone line. There are no diagnostic modes by
which any external mechanism can control or reconfigure the behavior of the modem. The only data that the
analog phone modem can exchange is fax information. It does not allow for configuration or any sort of remote
control of the device, and it does not allow any avenue to access the network to which the device is connected.

Secure Network Interfaces